Closed matifali closed 3 months ago
Should we add a scheduled workflow to keep it in sync weekly or monthly? https://github.com/wei/pull looks promising
Kaniko has since updated to go1.22 which means we also need to do so. Unfortunately our codersdk deps prevent this right now (see: https://github.com/coder/coder/issues/11342). For now I'm going to manually vendor these in.
@johnstcn Is there anything left here or can we resolve this issue?
@mtojek https://github.com/coder/kaniko/pull/7 is still un-merged. Some of the tests are failing partially due to some changes we have that upstream does not. However, all of our envbuilder tests appear to work fine with these changes.
Then https://github.com/coder/envbuilder/pull/195 can be updated and approved.
This is done now.
Coder's kaniko fork is outdated and prevents updating some of the dependencies that have vulnerabilities. Details can be seen here: https://github.com/coder/envbuilder/security/dependabot
This is a must-do before we launch 1.0 cc: @bpmct